When you request a fully signed assembly, the compiler hashes the file that contains the manifest (assembly metadata) and signs that hash with the private key. The resulting digital signature is stored in the file that contains the manifest. When an assembly is delay signed, the linker does not compute and store the signature, but reserves space in the file so the signature can be added later.

For example, using /DELAYSIGN allows a tester to put the assembly in the global cache. After testing, you can fully sign the assembly by placing the private key in the assembly.